Bug 13724

Summary: pthread_setname_np segfault
Product: glibc
Reporter: law
Component: nptl
Assignee: Not yet assigned to anyone <unassigned>
Status: RESOLVED WONTFIX
Severity: normal
CC: drepper.fsp, jakub, neleai, yselkowi
Priority: P2
Flags: fweimer: security-
Version: 2.15
Target Milestone: ---
Host:
Target:
Build:
Last reconfirmed:

Description law 2012-02-22 19:05:25 UTC
pthread_setname_np can segfault if passed a NULL pointer.

#define _GNU_SOURCE
#include <pthread.h>
#include <stdio.h>
#include <string.h>

int
main(void)
{
  pthread_t thr = pthread_self ();
  int ret = pthread_setname_np (thr, NULL);
  printf ("pthread_setname_np: %s\n", strerror (ret));
  return 0;
}

The setname_np/getname_np functions have nonnull attributes for the appropriate arguments, and one could make a case that this is ultimately a user error.  However, given that these are not performance-critical routines, I believe we can spare the cycles to do argument verification to improve the quality of implementation.
Comment 1 Yaakov Selkowitz 2012-02-23 03:04:44 UTC
Since pthread_setname_np is undocumented, I'm not sure what the desired solution is in this case:

1) Return EFAULT, just as pthread_getname_np (thr, NULL, 16).
2) Leave the nonnull attribute but treat NULL as "" just in case.
3) Remove the nonnull attribute and allow NULL as synonym for "".
Comment 2 Jakub Jelinek 2012-02-23 07:09:57 UTC
When it isn't documented in man pages or info pages, the headers are the only
documentation.  And the headers clearly document that you must not call it with
NULL:

/* Get thread name visible in the kernel and its interfaces.  */
extern int pthread_getname_np (pthread_t __target_thread, char *__buf,
                               size_t __buflen)
     __THROW __nonnull ((2));

/* Set thread name visible in the kernel and its interfaces.  */
extern int pthread_setname_np (pthread_t __target_thread, __const char *__name)
     __THROW __nonnull ((2));
Comment 3 Yaakov Selkowitz 2012-02-23 07:25:39 UTC
(In reply to comment #2)
> When it isn't documented in man pages or info pages, the headers are the only
> documentation.  And the headers clearly document that you must not call it with
> NULL:

I understand that, but that doesn't necessarily mean it should segfault if NULL is passed anyway.  pthread_getname_np(thr, NULL, 16) returns EFAULT, but pthread_setname_np(thr, NULL) segfaults.  That inconsistency in a corresponding pair of functions seems odd to me, hence the question if this is the intended result.
Comment 4 Andreas Schwab 2012-02-23 10:01:49 UTC
It's consistently undefined behaviour.
Comment 5 Ondrej Bilka 2013-10-08 14:55:55 UTC
In the discussion at http://www.sourceware.org/ml/libc-alpha/2013-10/msg00111.html we decided that crashing is better, as the error code will likely be ignored.
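Since glibc keeps the nonnull contract and leaves a NULL name to crash, a caller that wants a defined error instead has to validate before calling. The wrapper below is an added example, not glibc code or anything from this report; it assumes Linux, where the kernel thread name is limited to 16 bytes including the NUL and glibc returns ERANGE for longer names, and the function names `set_thread_name_checked` / `get_thread_name_checked` are invented for the example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <pthread.h>
#include <stdio.h>
#include <string.h>

/* Linux limits a thread name (the task "comm") to 16 bytes including the
   terminating NUL; glibc's pthread_setname_np returns ERANGE beyond that.  */
#define THREAD_NAME_MAX 16

/* Check the arguments ourselves so that a NULL or oversized name yields an
   errno-style return value instead of undefined behaviour in the library.
   Returns 0 on success or an errno value, following the pthread convention.  */
int set_thread_name_checked (pthread_t thr, const char *name)
{
  if (name == NULL)
    return EINVAL;                      /* glibc would dereference this */
  if (strnlen (name, THREAD_NAME_MAX) >= THREAD_NAME_MAX)
    return ERANGE;                      /* glibc rejects this as well */
  return pthread_setname_np (thr, name);
}

/* Read the name back into a caller-supplied buffer; same return convention.  */
int get_thread_name_checked (pthread_t thr, char *buf, size_t buflen)
{
  if (buf == NULL || buflen == 0)
    return EINVAL;                      /* glibc returns EFAULT for NULL; be explicit */
  return pthread_getname_np (thr, buf, buflen);
}

int main (void)
{
  pthread_t self = pthread_self ();
  char buf[THREAD_NAME_MAX];

  printf ("NULL name: %s\n", strerror (set_thread_name_checked (self, NULL)));
  printf ("long name: %s\n",
          strerror (set_thread_name_checked (self, "this-name-is-too-long")));
  if (set_thread_name_checked (self, "worker-1") == 0
      && get_thread_name_checked (self, buf, sizeof buf) == 0)
    printf ("name now: %s\n", buf);
  return 0;
}
```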